Happy New Year – 2012
Recently I worked with my good friend Bobby on a special requirement for one of his customers. The customer has a SharePoint web application created in the default zone with SSL enabled, and the same web application was published to a different zone (Internet) for anonymous users.
The screenshot below gives a better picture. Both web applications use the same URI, except that the default zone is configured to use NTLM authentication and SSL, while the Internet zone is configured to allow anonymous access over non-SSL (HTTP).
When you enable anonymous authentication on a Web site, you allow anonymous users (and authenticated users who have not been granted access to the site) to browse the entire Web site, including any list, library, folder within a list or library, list item, or document that inherits its permissions from the Web site, but not to contribute. For more information, please look here. I have enabled anonymous access for the entire website.
The authentication configuration for the above-mentioned web applications is given below.
Default Zone (https://bobby.troy.com)
Internet Zone (http://bobby.troy.com)
So, here begins the actual scenario. Since both websites were published outside the corpnet, both anonymous users and authenticated users can access the website. If a user hits the URL https://bobby.troy.com, it will ask for credentials, and any authenticated user can log in and make modifications. But take a scenario where an actual AD user tries to access http://bobby.troy.com (Internet): it will not ask for credentials, and it will allow the user to navigate the sites and their contents as an anonymous user, without being able to modify any content.
In this situation, if the user wants to sign in to the site and make some modifications, clicking the “Sign In” button (red box in the above screen) will by default show the login prompt and log the user in to the same site, which is using HTTP. To make it secure, the user has to log in to the web application that was created in the default zone (using HTTPS), so that the login happens over SSL. The simple workaround is to manually change the browser URL from HTTP to HTTPS, which is not a good workaround because not all end users will do that. We were discussing a workaround that would make this automatic.
The workaround was to make the “Sign In” button do some magic, and for that we have to customize it. The “Sign In” button is rendered via a user control called “Welcome.ascx”, which is located under the \14\template\ControlTemplates location. Once we open it, you can see that welcome.ascx hosts many other controls as well, such as the user personalization control.
The “Sign In” link is rendered by a control called “ExplicitLogin”, so what we have to do is change the control logic. By default this control has a property “ApplicationPageFileName”, which is set to “Authenticate.aspx”, a page located under the _layouts directory. By default, when we click on the “Sign In” link, it hits the Authenticate.aspx page to do the authentication.
In the above screenshot of the welcome controls, you can see that I have modified the “ExplicitLogin” control.
In order to implement this solution, you have to create a custom user control that is a copy of the out-of-the-box welcome control except for the changes in the “ExplicitLogin” control. You also have to override the OnLoad method of the user control and implement the code in the snippet below.
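One way such an OnLoad override can point the “Sign In” link at the HTTPS zone is shown here as an added example; it is not the code from the attached solution. The class name `SecureWelcome`, the helper `BuildSecureSignInUrl`, and the constant `SecureHost` are hypothetical, and it assumes that the custom copy of the control declares “ExplicitLogin” as a plain `asp:HyperLink` and that Authenticate.aspx takes the return page in its `Source` query parameter.

```csharp
using System;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

// Added example: code-behind for the custom copy of Welcome.ascx.
// Class, helper and constant names are hypothetical.
public class SecureWelcome : UserControl
{
    // Assumption: host name of the default (HTTPS) zone from the scenario above.
    // It is a fixed value rather than Request.Url.Host, so the sign-in target
    // does not depend on the Host header the client sent.
    private const string SecureHost = "bobby.troy.com";

    // Builds the HTTPS sign-in URL for the page the user is currently viewing.
    public static string BuildSecureSignInUrl(Uri current)
    {
        // Carry over only the server-relative path and query as the return
        // target, so the post-login redirect cannot point at another host.
        string source = HttpUtility.UrlEncode(current.PathAndQuery);

        var target = new UriBuilder(Uri.UriSchemeHttps, SecureHost)
        {
            Path = "/_layouts/Authenticate.aspx",
            Query = "Source=" + source
        };
        return target.Uri.AbsoluteUri;
    }

    protected override void OnLoad(EventArgs e)
    {
        base.OnLoad(e);

        // On the HTTPS zone the link already stays on a secure connection.
        if (Request.IsSecureConnection)
        {
            return;
        }

        // Assumption: ExplicitLogin is an asp:HyperLink in the custom .ascx.
        var link = FindControl("ExplicitLogin") as HyperLink;
        if (link != null)
        {
            link.NavigateUrl = BuildSecureSignInUrl(Request.Url);
        }
    }
}
```

For a request to http://bobby.troy.com/SitePages/Home.aspx, the link then points to https://bobby.troy.com/_layouts/Authenticate.aspx?Source=%2fSitePages%2fHome.aspx, so the NTLM prompt is only ever shown on the SSL zone.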
Now, to make it a reusable package and easier to manage, I have developed a Visual Studio 2010 solution.
I have attached the complete source code to this post below. If you have this kind of requirement, you can download it, try it out in a test environment, and make further modifications. Once you deploy it and visit the anonymous site (in my scenario http://bobby.troy.com), when a user wants to log in to the secured site to make some modifications and clicks on the “Sign In” button, our custom code will execute and the user will be navigated to the secured site (in my case https://bobby.troy.com).
Hope this will help someone else as well!